What’s new
2407
Citrix Gateway Service for StoreFront
Citrix Gateway Service for StoreFront provides HDX routing to your resources without needing to host your own gateway. For more information, see Gateway Service for StoreFront and Add Citrix Gateway Service.
If you’ve opted the Citrix Gateway Service for StoreFront (Technical Preview) with StoreFront 2311 or 2402 and you’ve configured a CloudGateway, the configuration is no longer valid with StoreFront 2407. You must delete the existing gateway and create new gateways following the updated documentation.
Citrix Workspace Web Extensions
Citrix Workspace Web Extensions is enabled for all installations without needing to manually configure StoreFront using PowerShell.
Windows Server 2025 support
Storefront 2407 can be installed on Windows Server 2025 Datacenter and Standard editions.
Removal of support for Windows Server 2016
StoreFront 2407 can’t be installed on Windows Server 2016. Install StoreFront on Windows Server 2019 or 2022. For more information on removed items, see Deprecation notices.
Citrix Workspace app for HTML5 HDX Client
This release includes Citrix Workspace app for HTML5 HDX client 2404.1.
Fixed Issues
- When the store UI experience is switched between the Unified UI and Next Generation UI, changes should be reflected in Citrix Workspace app the next time it refreshes, without needing to remove and re-add the store.
- Update translation on the client detection screen when using Mozilla FireFox in the Brazilian Portuguese language. [STRFRNTUI-564]
- Remove additional notification shown in Citrix Workspace app for Windows 2309 or higher, when connecting to StoreFront 2402 using a XenApp Services URL [WSP-23122].
- In the StoreFront Web API, the list endpoint should set
isSubscriptionEnabled
according to whether favorites are enabled. [WSP-22503] - In the Store Services API, the Resource Enumeration endpoint should set subscription status according to whether favorites are enabled. [WSP-22503]
- Updated the Content Security Policy defined in the http-equiv tag of the HTML file to block inline scripts. If you have customized StoreFront in a way that uses eval or adds inline scripts to the DOM then this action causes those customizations to fail.
- In the new UI, allow Activity manager to handle more resource feeds than can be enumerated concurrently. [WSP-24122]
Known issues
- When you edit a gateway whose Usage or role is Authentication only, it displays a tab Secure Ticket Authority but if values are entered then they aren’t saved. If you must enter a secure ticket authority to enable client detection then change the Usage or role to Authentication and HDX routing even if HDX routing isn’t required. [WSP-24682]
2402
Prevent .ica file downloads during hybrid launch
To minimize security risks that might arise with the download of .ica files on local systems, the following settings have been introduced. Admins can configure these settings from the StoreFront admin console as a preventive measure against the misuse of downloaded .ica files. These settings include:
For more information, see Prevent ICA file download.
Enable the new UI using the PowerShell command
Admins can enable the new UI for their end users using the following PowerShell command Set-STFWebReceiverService
.
For example:
$rfw=Get-STFWebReceiverService -VirtualPath "/Citrix/StoreWeb"
Set-STFWebReceiverService -WebReceiverService $rfw -WebUIExperence Workspace
<!--NeedCopy-->
For more information on the new UI, see New UI
Enable advanced health check for all stores
Advanced health check is now enabled for all existing stores to improve resiliency. With the advanced health check feature, StoreFront can more reliably check for any issues in the delivery controller. When used with Citrix Desktops as a Service, the advanced health check provides additional information about the connectors present at the resource locations. This is useful in the event of an outage. When a user launches a resource, an appropriate connector to launch the resource is selected automatically using Local Host Cache.
If you want to disable Advanced health check for all stores, you can use the following PowerShell script:
foreach ($store in Get-STFStoreService)
{
Set-STFStoreFarmConfiguration -StoreService $store -AdvancedHealthCheck $False
}
<!--NeedCopy-->
Note:
Advanced health check has been enabled by default for new stores from StoreFront 2308 CR release.
Deprecation announcement for Windows Server 2016
Support for installing StoreFront on Windows server 2016 will be removed in a future release. It is recommended that you upgrade to a newer version of the Windows server for continued support. For more information on deprecated items, see Deprecation notices.
Fixed issues
-
If you set the branding settings to default on the new UI (Technical Preview), the old UI default color scheme is applied. [WSUI-8930]
-
App enumeration on StoreFront servers might fail intermittently. [CVADHELP-23196]
-
Activity Manager operations such as Logout, Disconnect, and more aren’t supported for applications that have App Protection policies enabled. [WSP-21324]
-
The PowerShell parameter
-override
is required to change the diagnostics logging settings. [WSP 22214] -
Names containing special characters might appear corrupted in the Settings drop-down menu. [WSP-22210]
-
The first time a user opens a store website in their browser on ChromeOS, it prompts the user to perform client detection but Citrix Workspace app for ChromeOS does not support client detection. As a result, the client detection fails and the users would need to click “already installed” to continue. With this fix, the website skips client detection on ChromeOS. [WSP-22390]
-
For StoreFront version 2311, policies configured in Studio that should only apply to users connecting through a gateway also apply to internal users. [WSP-22766]
Known issues
- When Citrix Workspace app for Windows 2309 or higher is connected to StoreFront using a XenApp Services URL, launching a resource may cause an additional notification to be displayed [WSP-23122].
2311
Citrix Secure Private Access on StoreFront
You can now connect to the Citrix Secure Private Access on-premises server using new PowerShell commands or StoreFront admin UI controls. It allows users to securely access web and SaaS apps through StoreFront. For more information, see Manage the resources made available in stores.
Uninterrupted VDA launch in case of FAS server unavailability
You can now configure StoreFront so that a VDA launch is successful even if the FAS server is unavailable. In such cases, the end users can sign in using their user name and password. Previously, the VDA launch would fail if the FAS servers were unreachable. This feature is disabled by default and can be enabled using the following PowerShell command.
Set-STFStoreLaunchOptions
with parameter FederatedAuthenticationServiceFailover
You can use the same command to disable this feature, if necessary. For more information, see FAS.
Improved user-journey logs
Previously by default only errors were logged. The default logging level has now been changed to include warnings and tracing information. In addition the log messages have been improved. This ensures that by default, all the events that are part of the main user journey are now logged. The default log file size is increased to 1GB (5*200MB) for each service. Typically this requires 1GB (for the roaming service) + 3GB per store (as each store service typically has a corresponding authentication service and receiver for web service). Ensure you have sufficient disk space available. For more information, see Diagnostics logging.
Citrix Workspace web extensions - General Availability
Citrix Workspace web extensions are now generally available for use with StoreFront. These web extensions help you launch resources in your locally installed Citrix Workspace app without prompts to open Workspace launcher or downloading an .ica
file, making your experience safer and more reliable. For more information, see Citrix Web Extensions.
The use of Citrix Workspace web extensions is enabled by default for every new installation of StoreFront. However, end users still need to download the extensions to use this feature.
Note:
Citrix Workspace web extension isn’t enabled automatically during a StoreFront version upgrade. If this feature was turned-off before the upgrade, it remains in the same state after the version update. It will be enabled for all deployments in a future release.
When upgrading an existing deployment you can enable this feature using the following command:
Add-STFFeatureState -Name "Citrix.StoreFront.EnableBrowserExtension " -IsEnabled $True
New UI for on-premises stores (Technical Preview)
The new UI is now available for on-premises stores. This UI, previously available only for cloud stores, ensures a consistent look and feel across cloud and on-prem stores.
The new UI brings the following key improvements:
- User friendly UI: Reduces visual complexity and provides easy access to essential features. For more information, see Workspace visual and layout improvements.
- Activity Manager: Facilitates quick actions on active virtual apps and desktops, saving resources and optimizing performance. For more information, see Activity Manager.
- Enhanced categorization of apps: A multi-level folder structure that is responsive to your end user’s screen size. For more information, see categorization of apps.
- Improved Search capabilities: New search capabilities provide for better and faster results. For more information, see Search options.
For detailed information on this preview, see New UI (Technical Preview).
Note:
You can provide feedback for this feature using this Podio form.
Citrix Workspace app for HTML5 HDX Client
This release includes Citrix Workspace app for HTML5 2402.
Fixed issues
- Citrix Workspace app for Mac might freeze after waking up from Sleep mode when connected to a StoreFront Store. [CVADHELP-23217]
- A race condition can cause the Citrix Subscriptions Store service to exit unexpectedly on the StoreFront server with warning messages. [CVADHELP-23326]
Known issues
- User names with special characters might appear corrupted in the Settings drop-down menu. [WSP-22210]
- The PowerShell parameter
-override
is required to change the TraceLevel settings. [WSP-22214] - For StoreFront version 2311, policies configured in Studio that should only apply to users connecting through a gateway also apply to internal users. [WSP-22766]
2308.1
Fixed issues
- This release addresses a security vulnerability in an underlying component. For more information, see CTX583759. [CVADHELP-23724]
2308
App Protection for hybrid launches
App Protection provides an additional level of security by blocking keyloggers and screen capture. Previously, this functionality was only available when accessing a store through Citrix Workspace apps for Windows, Mac, and Linux. When viewing a store through a web browser, protected apps were not displayed. With this release it’s now possible to configure a store website to display apps requiring App Protection when viewed through a browser, as long as StoreFront has detected that the user has a sufficiently new version of Citrix Workspace app for Windows, Mac, or Linux installed that will be used to launch the app.
For more information see App Protection.
Advanced health check enabled by default
From this release onward, the advance health check feature is enabled by default for new stores. Previously it had to be enabled manually.
When used with Citrix DaaS, the advance health check makes StoreFront aware of the connectors present at the resource locations. In the event of an outage, when a user launches a resource, StoreFront chooses an appropriate connector to launch the resource using Local Host Cache.
Fixed issues
This release includes all fixes from 2203 CU3, plus the following:
-
[CVADHELP-22435] A year after detecting that the user has Citrix Workspace app installed, apps are launched in a browser rather than Citrix Workspace app.
-
[CVADHELP-21886] When using the StoreFront Store Service API to launch an app, overriding settings such as audio quality and disabling printers, the settings might affect all subsequent requests rather than just the current request.
Deprecation of XenApp Services
From this release onward, support for XenApp Services URLs (also known as PNAgent) for connecting to stores is deprecated. It will be removed in a future release. Use Citrix Workspace app to connect to stores using the store URL.
Removal of ability to add XenApp 6.5 delivery controllers
It is no longer possible to add new XenApp 6.5 resource feeds using the StoreFront management console. It is still possible to add them using PowerShell Add-STFStoreFarm specifying the FarmType as XenApp
. For Example:
$store = Get-STFStoreService
Add-STFStoreFarm -StoreService $store -FarmName "XenApp" -FarmType XenApp -Port 80 -TransportType HTTP -Servers Xen1
<!--NeedCopy-->
Existing XenApp 6.5 resource feeds can be modified using the management console.
Note:
XenApp 6.5 isn’t supported by Citrix. The ability to use XenApp 6.5 delivery controllers will be removed in a future release.
Removal of ability to open resources within Internet Explorer 11
It’s no longer possible to open resources within the Internet Explorer 11 web browser. However, it’s still possible to access your store from Internet Explorer 11 but you must install Citrix Workspace app for Windows to be able to launch resources.
Known issues
There are no new known issues in this release.